Regulators

Website hacking on a rise in last four years: Ravi Shankar Prasad

NEW DELHI: A total number of 21699, 27605, 28481 and 32323 websites were hacked by various hacker groups spread across the world from 2011 to 2014, clearly showing an increase in incidents of hacking.

According to the Indian Computer Emergency Response Team (CERT-In), these also include a total number of 308, 371, 189 and 155 Government websites hosted under ‘gov.in’ and ‘nic.in’ domains during the year 2011 to 2014.

Among the comprehensive measures to tackle the problem, the Government says all Central Government Ministries / Departments and State / Union Territory Governments have been advised to conduct security auditing of entire Information Technology infrastructure.

All the new government websites and applications are to be audited with respect to cyber security prior to their hosting. The auditing of the websites and applications is to be conducted on a regular basis after hosting also. CERT-In provides necessary expertise to audit IT infrastructure of critical and other ICT sectors.

It has been mandated that all government websites are to be hosted on infrastructure of National Informatics Centre (NIC), Education and Research Network (ERNET) or any other secure infrastructure service provider in the country.

NIC, which hosts the government websites is continuously engaged in upgrading and improving the security posture of its hosting infrastructure. NIC has been directed not to host websites, which are not audited with respect to cyber security.

CERT-In issues alerts and advisories regarding latest cyber threats and countermeasures on regular basis and has published guidelines for securing the websites, which are available on its website (www.cert-in.org.in). It also conducts regular training programmes to make the system administrators aware about secure hosting of the websites.

The hacking of websites is tracked on a 24x7 basis and alerts issued to the concerned website owners to restore the hacked websites and taking further actions to secure the websites.